I generally wanted to test their security and wanted to be a piece of authority Adobe security researchers. This time HackerOne provided me with a chance to do as such. The Adobe security administration group keeps running on HackerOne HackerOne HackerOne and I wanted to test their web application. Adobe has the most tremendous scope as indicated by HackerOne and it has settled circuitous more than one thousand or more reports
On 24th August 2016, I reported security vulnerability to Adobe related with SPF and DMARC records which may lead to Email address spoofing. This one is the same as I established in Magento.
After three days their security team members marked that report as triaged.
That was a good minute for me, I was truly cheerful on the grounds because that was my first report that got triaged in HackerOne. But after that who knows they took as much time to resolve, Be patience, my patience. I got some information about updates after a month that they are still working on it and inform me once it gets fixed. Affirm! It took over more than five months now however they didn't respond about any updates or inquiries. One day all of a sudden I opened my HackerOne account and investigated my triaged reports. This one is the special case that keeps going so long. I retried to test it and what I established is that it is not predictable from my side. I pinged them once again and requested updates. Following one day they marked it as resolved because it is not producible anymore
As per HackerOne policy, researchers are automatically featured in the team hall of fame if reports get resolved. I got recorded in Adobe's Hall of Fame and that was my great experience.
I would like to Thank adobe security team and I would also like to thank you for your precious time. If you have any questions or suggestions then please use the comment form below and let me know. I always appreciate your comments and suggestions.
Oldest comments (0)